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REMARKS 



The foregoing amendments and drawing changes and the following remarks are response 
to the December 15, 2003 Office Action. Claims 28-53 are pending in the application. In the 
Office Action, the Examiner rejects Claims 28-53. The Examiner objects to the specification and 
the drawings. 

Applicants have amended FIG. 1 and FIG. 7B in response to the objections to the 
drawings and the specification. Applicants have not amended the claims in response to the 
rejections; however, Applicants have amended Claim 37 to provide proper antecedent basis for a 
user. 

Applicants respectfully request reconsideration of the application in view of the 
amendment and the drawing changes and in further view of the following remarks. 

Response to the Objections to the Drawings and the Specification 

In the Office Action, the Examiner objects to the drawings and the specification because 
reference designation 712 shown in FIG. 7B is not mentioned in the specification and because the 
reference designations 162 and 702 are mentioned in the specification but are not shown in the 
drawings. 

Applicants have replaced FIG. 1 with a revised FIG. 1 on the attached replacement sheet 
1 of 1 1 . Applicants have replaced FIG. 7B with a revised FIG. 7B on the attached replacement 
sheet 10 of 11. 

In revised FIG. 1, Applicants have added reference designation 162 to identify the 
AUTHENTICATION CONFIRMATION in accordance with the specification on page 7 at lines 
15-16 and on page 11 at line 18. 

In revised FIG. 7B, Applicants have changed reference designation 712 to 702 to identify 
the NETWORK INTERFACE CARD in accordance with the specification on page 1 6 at line 1 1 . 

The revised drawings are responsive to the objection to the drawings and are also 
responsive to the objection to the specification. No amendments to the specification are required. 
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Since the revised drawings are consistent with the original specification, Applicants 
respectfully submit that no new matter is introduced by the proposed drawing changes. 
Applicants respectfully request the Examiner to approve the revised drawings. Applicants also 
request the Examiner to withdraw the objection to the drawings and the objection to the 
specification. 

Rejection of Claims 37-39 Under 35 U.S.C. § 102(b) 

In the Office Action, the Examiner rejects Claims 37-39 under 35 U.S.C. §102(b) as 
being anticipated by Australian Patent Application No. 63545/98 to Schmitz ("Schmitz"). 
Applicants respectfully traverse the rejection for the following reasons. 

A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference. Verdegaal Brothers v. 
Union Oil Co. of California, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). The identical invention 
must be shown in as complete detail as is contained in the claim. Richardson v. Suzuki Motor 
Co., 9 USPQ2d 1913, 1920 (Fed. Cir. 1989). As discussed below, Schmitz does not expressly or 
inherently disclose or suggest each and every element of independent Claim 37. 

Figure 1 of Schmitz teaches a user sending a qualifying ID through a data input apparatus 
1 to an authorization computer 2 and receiving a transaction authorization number (a "TAN") 
from the authorization computer 2 through a receiver 3. The user may then enter the TAN into 
the data input apparatus 1 for verification by the authorization computer. See page 13 at line 20 
through page 14 at line 10. 

Security of the system in Schmitz is accomplished by employing two separate 
transmission paths. The first transmission path is from the data input device 1 to the 
authorization computer 2 for requesting a TAN. The second transmission path is from the 
authorization computer 2 to the receiver 3 for providing the TAN to the user. See page 8 at 
lines 1-13. Thus, the request is made through a data input device 1 attached to the 
authorization computer 2 (see Fig. 1) or part of the authorization computer 2 (see page 16 at 
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lines 3-4). The receiver 3 for receiving the TAN, on the other hand, may be a portable device 
such as a pager 3 1 or a "handy" 32. See page 15, lines 18-25. 

Unlike Claim 37, Schmitz does not teach or suggest associating a user with a personal 
communication device possessed by the user, associating the user with an account, wherein an 
initiation of access through the account requires that the account be activated, receiving a 
request transmitted by the personal communication device, and in response to the receipt of the 
request, activating the account. Rather, Schmitz teaches receiving a request transmitted by a 
data input apparatus 1 while using the receiver 3 (i.e., a personal communication device) only for 
receiving the TAN. Therefore, Schmitz does not teach each and every element of the invention 
defined in Claim 37 as required to anticipate Claim 37 under 35 U.S.C. § 102(b). Accordingly, 
Applicants respectfully submit that Claim 37 is patentably distinguished over Schmitz. 
Applicants respectfully request the Examiner to withdraw the rejection of Claim 37 under 
35 U.S.C. § 102(b) and to pass Claim 37 to allowance. 

Claims 38 and 39 depend from Claim 37 and further define the invention defined in 
Claim 37. In view of the allowability of Claim 37 and in further view of the limitations in 
Claims 38 and 39, Applicants respectfully submit that Claims 38 and 39 are also allowable. 
Applicants respectfully request that the Examiner to withdraw the rejection of Claims 38 and 39 
under 35 U.S.C. § 102(b) and to pass Claims 38 and 39 to allowance. 

Rejection of Claims 28-36 and 40-53 Under 35 U.S.C. § 103(a) 

In the Office Action, the Examiner rejects Claims 28-36 and 40-53 under 
35 U.S.C. § 103(a) as being unpatentable over Schmitz in view of Menezes, Handbook of 
Applied Cryptography, 1997, page 390. Applicants respectfully traverse this rejection for the 
following reasons. 

Section 2143 of the M.P.E.P. states that to establish prima facie obviousness three 

requirements must be met: 

To establish a prima facie case of obviousness, three basic criteria must be met. 
First, there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the 
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art, to modify the reference or to combine reference teachings. Second, there must 
be a reasonable expectation of success. Finally, the prior art reference (or 
references when combined) must teach or suggest all the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable 
expectation of success must both be found in the prior art, and not based on the 
Applicant's disclosure. 

Applicants respectfully submit that the elements for a prima facie case of obviousness are 
not met by the proposed combination of Schmitz and Menezes because the two references do not 
teach or suggest all the claim limitations. 

As acknowledged by the Examiner, Schmitz does not teach a method for creating a 
password. On page 4 of the Office Action, the Examiner states that Menezes discloses that a 
password may be augmented with a random string, called a "salt, " along with a hashing 
function, in order to make dictionary attacks less effective (see section (v)), and further notes that 
an entity's ID can be used as a salt. The Examiner concludes that it would have been obvious to 
combine Menezes with Schmitz to obtain the claimed invention. Applicants respectfully 
disagree. 

Menezes teaches that the salt is determined upon initial entry of a password into a system. 
Thus, only one salt exists for a corresponding password because the password is augmented by 
the salt before applying the one way function. If a new salt were generated each time a password 
was received for verification, the one-way function would make it impossible to compare it to the 
hashed password and salt created upon initial entry. Therefore, the salt taught by Menezes 
cannot be the same as the TAN taught by Schmitz because the security features taught by 
Schmitz depend on a new TAN being generated or selected each time a request is received. 
Further, the salt taught by Menezes is only used internally in the system verifying the password 
and is not transmitted to the user each time a request is received, as taught by Schmitz. 

Unlike the invention defined in Claim 28, the combined references do not teach or 
suggest [a] method of authenticating a user, the method comprising: associating the user with a 
personal communication device possessed by the user; generating a new password based at 
least upon a token and a passcode, wherein the token is not known to the user and wherein the 
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passcode is known to the user; setting a password associated with the user to be the new 
password; transmitting the token to the personal communication device; and receiving the 
password from the user. Thus, the invention defined in Claim 28 is not obvious in view of the 
proposed combination. Applicants respectfully submit that Claim 28 is patentably distinguished 
over Schmitz in view of Menezes. Applicants respectfully request the Examiner to withdraw the 
rejection of Claim 28 under 35 U.S.C. § 103(a) and to pass Claim 28 to allowance. 

Claims 29-33 depend from Claim 28 and further define the invention defined in 
Claim 28. In view of the allowability of Claim 28 and in further view of the limitations in 
Claims 29-33, Applicants respectfully submit that Claims 29-33 are also patentably distinguished 
over the cited references. Applicants respectfully request the Examiner to withdraw the rejection 
of Claims 29-33 under 35 U.S.C. § 103(a). 

Unlike the invention defined in Claim 34, the combined references do not teach or 
suggest [a] user authentication system comprising: a user database configured to associate a 
user with a personal communication device possessed by the user; a control module configured 
to create a new password based at least upon a token and a passcode, wherein the token is not 
known to the user and wherein the passcode is known to the user, the control module further 
configured to set a password associated with the user to be the new password; a communication 
module configured to transmit the token to the personal communication device; and an 
authentication module configured to receive the password from the user. Thus, the invention 
defined in Claim 34 is not obvious in view of the proposed combination. Applicants respectfully 
submit that Claim 34 is patentably distinguished over Schmitz in view of Menezes. Applicants 
respectfully request the Examiner to withdraw the rejection of Claim 34 under 
35 U.S.C. § 103(a) and to pass Claim 34 to allowance. 

Claims 35 and 36 depend from Claim 34 and further define the invention defined in 
Claim 34. In view of the allowability of Claim 34 and in further view of the limitations in 
Claims 35 and 36, Applicants respectfully submit that Claims 35 and 36 are also patentably 
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distinguished over the cited references. Applicants respectfully request the Examiner to 
withdraw the rejection of Claims 35 and 36 under 35 U.S.C. § 103(a). 

Unlike the invention defined in Claim 43, the combined references do not teach or 
suggest [a] method of regulating access to a secure system, the method comprising: receiving a 
request for a token, wherein the request is transmitted from a personal communication device 
as a result of an action by a user; in response to the receipt of the request, transmitting the token 
to the personal communication device; receiving login data from the user in response to a 
request for authentication information, wherein the login data is based at least upon the token; 
and granting access to the secure system based at least upon the received login data. Thus, the 
invention defined in Claim 43 is not obvious in view of the proposed combination. Applicants 
respectfully submit that Claim 43 is patentably distinguished over Schmitz in view of Menezes. 
Applicants respectfully request the Examiner to withdraw the rejection of Claim 43 under 
35 U.S.C. § 103(a) and to pass Claim 43 to allowance. 

Claims 44-49 depend from Claim 43 and further define the invention defined in Claim 
43. In view of the allowability of Claim 43 and in further view of the limitations in 
Claims 44-49, Applicants respectfully submit that Claims 44-49 are also patentably distinguished 
over the cited references. Applicants respectfully request the Examiner to withdraw the rejection 
of Claims 44-49 under 35 U.S.C. § 103(a). 

Unlike the invention defined in Claim 50, the combined references do not teach or 
suggest [ajn access control system comprising; a communication module configured to receive a 
request for a token, wherein the request is transmitted from a personal communication device 
as a result of an action by a user, and wherein the communication module is further configured 
to transmit the token to the personal communication device in response to the request; a user 
token server configured to generate a valid password based at least upon the token; and an 
authentication module configured to receive a submitted password in response to a request for 
authentication of the user, the authentication module further configured to grant access to the 
user if at least the submitted password matches the valid password. Thus, the invention defined 
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in Claim 50 is not obvious in view of the proposed combination. Applicants respectfully submit 
that Claim 50 is patentably distinguished over Schmitz in view of Menezes. Applicants 
respectfully request the Examiner to withdraw the rejection of Claim 50 under 
35 U.S.C. § 103(a) and to pass Claim 50 to allowance. 

Claims 51-53 depend from Claim 50 and further define the invention defined in Claim 
50. In view of the allowability of Claim 50 and in further view of the limitations in 
Claims 51-53, Applicants respectfully submit that Claims 51-53 are also patentably distinguished 
over the cited references. Applicants respectfully request the Examiner to withdraw the rejection 
of Claims 51-53 under 35 U.S.C. § 103(a). 



In view of the amendment to Claim 37 and the revisions to the drawings, and in further 
view of the foregoing discussion, Applicants respectfully submit that this application is in 
condition for allowance with Claims 28-53 as presented herein. Applicants respectfully request 
the Examiner to withdraw all objections and rejections and to pass this application with 
allowance with Claims 28-53. 

Should the Examiner determine that additional issues may be resolved by a telephone 
call, the Examiner is cordially invited to contact the undersigned attorney of record so that such 
issues may be promptly resolved so that this application may be passed to issuance. 



Summary 



Respectfully submitted, 



KNOBBE, MARTENS, OLSON & BEAR, LLP 




Registration No. 31,567 
Attorney of Record 
Customer No. 20,995 
949-721-2849 (direct) 
949-760-0404 (operator) 
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